X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=loadcfg.c;h=55874d57fe151e288d20fcb1ababac3a3ebb8c46;hb=7c7eac4808f49d1b7bba67ade896788d25f7baa6;hp=efb6c7d2e54eec668558aaefd259bce34f14775e;hpb=f23b3fc38f69dba869b540d04beaef37a776d9ef;p=privoxy.git
diff --git a/loadcfg.c b/loadcfg.c
index efb6c7d2..55874d57 100644
--- a/loadcfg.c
+++ b/loadcfg.c
@@ -1,4 +1,3 @@
-const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.84 2009/01/14 16:14:36 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/loadcfg.c,v $
@@ -8,8 +7,8 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.84 2009/01/14 16:14:36 fabiankeil
* routine to load the configuration and the global
* variables it writes to.
*
- * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge
- * Privoxy team. http://www.privoxy.org/
+ * Copyright : Written by and Copyright (C) 2001-2017 the
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
@@ -33,451 +32,8 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.84 2009/01/14 16:14:36 fabiankeil
* or write to the Free Software Foundation, Inc., 59
* Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
- * Revisions :
- * $Log: loadcfg.c,v $
- * Revision 1.84 2009/01/14 16:14:36 fabiankeil
- * Due to the standard.action file removal, the other action
- * files changed their position in config->actions_file[].
- * Update mingw32 kludge accordingly.
- *
- * Revision 1.83 2008/12/20 14:53:55 fabiankeil
- * Add config option socket-timeout to control the time
- * Privoxy waits for data to arrive on a socket. Useful
- * in case of stale ssh tunnels or when fuzz-testing.
- *
- * Revision 1.82 2008/11/16 12:43:49 fabiankeil
- * Turn keep-alive support into a runtime feature
- * that is disabled by setting keep-alive-timeout
- * to a negative value.
- *
- * Revision 1.81 2008/11/13 09:08:42 fabiankeil
- * Add new config option: keep-alive-timeout.
- *
- * Revision 1.80 2008/08/31 15:59:03 fabiankeil
- * There's no reason to let remote toggling support depend
- * on FEATURE_CGI_EDIT_ACTIONS, so make sure it doesn't.
- *
- * Revision 1.79 2008/08/30 12:03:07 fabiankeil
- * Remove FEATURE_COOKIE_JAR.
- *
- * Revision 1.78 2008/08/02 08:23:22 fabiankeil
- * If the enforce-blocks directive is used with FEATURE_FORCE_LOAD
- * disabled, log a message that blocks will always be enforced
- * instead of complaining about an unrecognized directive.
- * Reported by Pietro Leone.
- *
- * Revision 1.77 2008/05/26 16:13:22 fabiankeil
- * Reuse directive_hash and don't hash the same directive twice.
- *
- * Revision 1.76 2008/05/10 09:03:16 fabiankeil
- * - Merge three string_append() calls.
- * - Remove useless assertion.
- *
- * Revision 1.75 2008/03/30 14:52:05 fabiankeil
- * Rename load_actions_file() and load_re_filterfile()
- * as they load multiple files "now".
- *
- * Revision 1.74 2008/03/26 18:07:07 fabiankeil
- * Add hostname directive. Closes PR#1918189.
- *
- * Revision 1.73 2008/02/16 16:54:51 fabiankeil
- * Fix typo.
- *
- * Revision 1.72 2008/02/03 13:46:15 fabiankeil
- * Add SOCKS5 support. Patch #1862863 by Eric M. Hopper with minor changes.
- *
- * Revision 1.71 2007/12/23 15:24:56 fabiankeil
- * Reword "unrecognized directive" warning, use better
- * mark up and add a
. Fixes parts of #1856559.
- *
- * Revision 1.70 2007/12/15 14:24:05 fabiankeil
- * Plug memory leak if listen-address only specifies the port.
- *
- * Revision 1.69 2007/10/27 13:02:27 fabiankeil
- * Relocate daemon-mode-related log messages to make sure
- * they aren't shown again in case of configuration reloads.
- *
- * Revision 1.68 2007/10/19 16:32:34 fabiankeil
- * Plug memory leak introduced with my last commit.
- *
- * Revision 1.67 2007/10/14 14:12:41 fabiankeil
- * When in daemon mode, close stderr after the configuration file has been
- * parsed the first time. If logfile isn't set, stop logging. Fixes BR#897436.
- *
- * Revision 1.66 2007/08/05 14:02:09 fabiankeil
- * #1763173 from Stefan Huehner: declare unload_configfile() static.
- *
- * Revision 1.65 2007/07/21 11:51:36 fabiankeil
- * As Hal noticed, checking dispatch_cgi() as the last cruncher
- * looks like a bug if CGI requests are blocked unintentionally,
- * so don't do it unless the user enabled the new config option
- * "allow-cgi-request-crunching".
- *
- * Revision 1.64 2007/05/21 10:44:08 fabiankeil
- * - Use strlcpy() instead of strcpy().
- * - Stop treating actions files special. Expect a complete file name
- * (with or without path) like it's done for the rest of the files.
- * Closes FR#588084.
- * - Remove an unnecessary temporary memory allocation.
- * - Don't log anything to the console when running as
- * daemon and no errors occurred.
- *
- * Revision 1.63 2007/04/09 18:11:36 fabiankeil
- * Don't mistake VC++'s _snprintf() for a snprintf() replacement.
- *
- * Revision 1.62 2007/03/17 15:20:05 fabiankeil
- * New config option: enforce-blocks.
- *
- * Revision 1.61 2007/03/16 16:47:35 fabiankeil
- * - Mention other reasons why acl directive loading might have failed.
- * - Don't log the acl source if the acl destination is to blame.
- *
- * Revision 1.60 2007/01/27 13:09:16 fabiankeil
- * Add new config option "templdir" to
- * change the templates directory.
- *
- * Revision 1.59 2006/12/31 17:56:38 fabiankeil
- * Added config option accept-intercepted-requests
- * and disabled it by default.
- *
- * Revision 1.58 2006/12/31 14:24:29 fabiankeil
- * Fix gcc43 compiler warnings.
- *
- * Revision 1.57 2006/12/21 12:57:48 fabiankeil
- * Add config option "split-large-forms"
- * to work around the browser bug reported
- * in BR #1570678.
- *
- * Revision 1.56 2006/12/17 17:04:51 fabiankeil
- * Move the
in the generated HTML for the config
- * options from the beginning of the string to its end.
- * Keeps the white space in balance.
- *
- * Revision 1.55 2006/11/28 15:31:52 fabiankeil
- * Fix memory leak in case of config file reloads.
- *
- * Revision 1.54 2006/10/21 16:04:22 fabiankeil
- * Modified kludge for win32 to make ming32 menu
- * "Options/Edit Filters" (sort of) work again.
- * Same limitations as for the action files apply.
- * Fixes BR 1567373.
- *
- * Revision 1.53 2006/09/06 18:45:03 fabiankeil
- * Incorporate modified version of Roland Rosenfeld's patch to
- * optionally access the user-manual via Privoxy. Closes patch 679075.
- *
- * Formatting changed to Privoxy style, added call to
- * cgi_error_no_template if the requested file doesn't
- * exist and modified check whether or not Privoxy itself
- * should serve the manual. Should work cross-platform now.
- *
- * Revision 1.52 2006/09/06 10:43:32 fabiankeil
- * Added config option enable-remote-http-toggle
- * to specify if Privoxy should recognize special
- * headers (currently only X-Filter) to change its
- * behaviour. Disabled by default.
- *
- * Revision 1.51 2006/09/06 09:23:37 fabiankeil
- * Make number of retries in case of forwarded-connect problems
- * a config file option (forwarded-connect-retries) and use 0 as
- * default.
- *
- * Revision 1.50 2006/07/18 14:48:46 david__schmidt
- * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
- * with what was really the latest development (the v_3_0_branch branch)
- *
- * Revision 1.48.2.7 2006/02/02 17:29:16 david__schmidt
- * Don't forget to malloc space for the null terminator...
- *
- * Revision 1.48.2.6 2006/01/29 23:10:56 david__schmidt
- * Multiple filter file support
- *
- * Revision 1.48.2.5 2003/05/08 15:17:25 oes
- * Closed two memory leaks; hopefully the last remaining ones
- * (in the main execution paths, anyway).
- *
- * Revision 1.48.2.4 2003/04/11 12:06:14 oes
- * Addressed bug #719435
- * - Extraneous filterfile directives now logged as errors
- * - This and unrecnonised directives now really obvious on status page
- *
- * Revision 1.48.2.3 2003/03/11 11:53:59 oes
- * Cosmetic: Renamed cryptic variable
- *
- * Revision 1.48.2.2 2002/11/12 16:28:20 oes
- * Move unrelated variable declaration out of #ifdef FEATURE_ACL; fixes bug #636655
- *
- * Revision 1.48.2.1 2002/08/21 17:58:05 oes
- * Temp kludge to let user and default action file be edited through win32 GUI (FR 592080)
- *
- * Revision 1.48 2002/05/14 21:30:38 oes
- * savearg now uses own linking code instead of (now special-cased) add_help_link
- *
- * Revision 1.47 2002/05/12 21:36:29 jongfoster
- * Correcting function comments
- *
- * Revision 1.46 2002/04/26 12:55:14 oes
- * - New option "user-manual", defaults to our site
- * via project.h #define
- * - savearg now embeds option names in help links
- *
- * Revision 1.45 2002/04/24 02:11:54 oes
- * Jon's multiple AF patch: Allow up to MAX_AF_FILES actionsfile options
- *
- * Revision 1.44 2002/04/08 20:37:13 swa
- * fixed JB spelling
- *
- * Revision 1.43 2002/04/08 20:36:50 swa
- * fixed JB spelling
- *
- * Revision 1.42 2002/04/05 15:50:15 oes
- * fix for invalid HTML proxy_args
- *
- * Revision 1.41 2002/03/31 17:19:00 jongfoster
- * Win32 only: Enabling STRICT to fix a VC++ compile warning.
- *
- * Revision 1.40 2002/03/26 22:29:55 swa
- * we have a new homepage!
- *
- * Revision 1.39 2002/03/24 13:25:43 swa
- * name change related issues
- *
- * Revision 1.38 2002/03/24 13:05:48 jongfoster
- * Renaming re_filterfile to filterfile
- *
- * Revision 1.37 2002/03/16 23:54:06 jongfoster
- * Adding graceful termination feature, to help look for memory leaks.
- * If you enable this (which, by design, has to be done by hand
- * editing config.h) and then go to http://i.j.b/die, then the program
- * will exit cleanly after the *next* request. It should free all the
- * memory that was used.
- *
- * Revision 1.36 2002/03/13 00:27:05 jongfoster
- * Killing warnings
- *
- * Revision 1.35 2002/03/07 03:52:44 oes
- * Set logging to tty for --no-daemon mode
- *
- * Revision 1.34 2002/03/06 23:14:35 jongfoster
- * Trivial cosmetic changes to make function comments easier to find.
- *
- * Revision 1.33 2002/03/05 04:52:42 oes
- * Deleted non-errlog debugging code
- *
- * Revision 1.32 2002/03/04 18:24:53 oes
- * Re-enabled output of unknown config directive hash
- *
- * Revision 1.31 2002/03/03 15:07:20 oes
- * Re-enabled automatic config reloading
- *
- * Revision 1.30 2002/01/22 23:31:43 jongfoster
- * Replacing strsav() with string_append()
- *
- * Revision 1.29 2002/01/17 21:02:30 jongfoster
- * Moving all our URL and URL pattern parsing code to urlmatch.c.
- *
- * Renaming free_url to free_url_spec, since it frees a struct url_spec.
- *
- * Revision 1.28 2001/12/30 14:07:32 steudten
- * - Add signal handling (unix)
- * - Add SIGHUP handler (unix)
- * - Add creation of pidfile (unix)
- * - Add action 'top' in rc file (RH)
- * - Add entry 'SIGNALS' to manpage
- * - Add exit message to logfile (unix)
- *
- * Revision 1.27 2001/11/07 00:02:13 steudten
- * Add line number in error output for lineparsing for
- * actionsfile and configfile.
- * Special handling for CLF added.
- *
- * Revision 1.26 2001/11/05 21:41:43 steudten
- * Add changes to be a real daemon just for unix os.
- * (change cwd to /, detach from controlling tty, set
- * process group and session leader to the own process.
- * Add DBG() Macro.
- * Add some fatal-error log message for failed malloc().
- * Add '-d' if compiled with 'configure --with-debug' to
- * enable debug output.
- *
- * Revision 1.25 2001/10/25 03:40:48 david__schmidt
- * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple
- * threads to call select() simultaneously. So, it's time to do a real, live,
- * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__
- * (native). Both versions will work, but using __OS2__ offers multi-threading.
- *
- * Revision 1.24 2001/10/23 21:40:30 jongfoster
- * Added support for enable-edit-actions and enable-remote-toggle config
- * file options.
- *
- * Revision 1.23 2001/10/07 15:36:00 oes
- * Introduced new config option "buffer-limit"
- *
- * Revision 1.22 2001/09/22 16:36:59 jongfoster
- * Removing unused parameter fs from read_config_line()
- *
- * Revision 1.21 2001/09/16 17:10:43 jongfoster
- * Moving function savearg() here, since it was the only thing left in
- * showargs.c.
- *
- * Revision 1.20 2001/07/30 22:08:36 jongfoster
- * Tidying up #defines:
- * - All feature #defines are now of the form FEATURE_xxx
- * - Permanently turned off WIN_GUI_EDIT
- * - Permanently turned on WEBDAV and SPLIT_PROXY_ARGS
- *
- * Revision 1.19 2001/07/15 17:45:16 jongfoster
- * Removing some unused #includes
- *
- * Revision 1.18 2001/07/13 14:01:14 oes
- * - Removed all #ifdef PCRS
- * - Removed vim-settings
- *
- * Revision 1.17 2001/06/29 13:31:03 oes
- * - Improved comments
- * - Fixed (actionsfile) and sorted hashes
- * - Introduced admin_address and proxy-info-url
- * as config parameters
- * - Renamed config->proxy_args_invocation (which didn't have
- * the invocation but the options!) to config->proxy_args
- * - Various adaptions
- * - Removed logentry from cancelled commit
- *
- * Revision 1.16 2001/06/09 10:55:28 jongfoster
- * Changing BUFSIZ ==> BUFFER_SIZE
- *
- * Revision 1.15 2001/06/07 23:13:40 jongfoster
- * Merging ACL and forward files into config file.
- * Cosmetic: Sorting config file options alphabetically.
- * Cosmetic: Adding brief syntax comments to config file options.
- *
- * Revision 1.14 2001/06/07 14:46:25 joergs
- * Missing make_path() added for re_filterfile.
- *
- * Revision 1.13 2001/06/05 22:33:54 jongfoster
- *
- * Fixed minor memory leak.
- * Also now uses make_path to prepend the pathnames.
- *
- * Revision 1.12 2001/06/05 20:04:09 jongfoster
- * Now uses _snprintf() in place of snprintf() under Win32.
- *
- * Revision 1.11 2001/06/04 18:31:58 swa
- * files are now prefixed with either `confdir' or `logdir'.
- * `make redhat-dist' replaces both entries confdir and logdir
- * with redhat values
- *
- * Revision 1.10 2001/06/03 19:11:54 oes
- * introduced confdir option
- *
- * Revision 1.9 2001/06/01 20:06:24 jongfoster
- * Removed support for "tinygif" option - moved to actions file.
- *
- * Revision 1.8 2001/05/31 21:27:13 jongfoster
- * Removed many options from the config file and into the
- * "actions" file: add_forwarded, suppress_vanilla_wafer,
- * wafer, add_header, user_agent, referer, from
- * Also globally replaced "permission" with "action".
- *
- * Revision 1.7 2001/05/29 09:50:24 jongfoster
- * Unified blocklist/imagelist/permissionslist.
- * File format is still under discussion, but the internal changes
- * are (mostly) done.
- *
- * Also modified interceptor behaviour:
- * - We now intercept all URLs beginning with one of the following
- * prefixes (and *only* these prefixes):
- * * http://i.j.b/
- * * http://ijbswa.sf.net/config/
- * * http://ijbswa.sourceforge.net/config/
- * - New interceptors "home page" - go to http://i.j.b/ to see it.
- * - Internal changes so that intercepted and fast redirect pages
- * are not replaced with an image.
- * - Interceptors now have the option to send a binary page direct
- * to the client. (i.e. ijb-send-banner uses this)
- * - Implemented show-url-info interceptor. (Which is why I needed
- * the above interceptors changes - a typical URL is
- * "http://i.j.b/show-url-info?url=www.somesite.com/banner.gif".
- * The previous mechanism would not have intercepted that, and
- * if it had been intercepted then it then it would have replaced
- * it with an image.)
- *
- * Revision 1.6 2001/05/26 00:28:36 jongfoster
- * Automatic reloading of config file.
- * Removed obsolete SIGHUP support (Unix) and Reload menu option (Win32).
- * Most of the global variables have been moved to a new
- * struct configuration_spec, accessed through csp->config->globalname
- * Most of the globals remaining are used by the Win32 GUI.
- *
- * Revision 1.5 2001/05/25 22:34:30 jongfoster
- * Hard tabs->Spaces
- *
- * Revision 1.4 2001/05/22 18:46:04 oes
- *
- * - Enabled filtering banners by size rather than URL
- * by adding patterns that replace all standard banner
- * sizes with the "Junkbuster" gif to the re_filterfile
- *
- * - Enabled filtering WebBugs by providing a pattern
- * which kills all 1x1 images
- *
- * - Added support for PCRE_UNGREEDY behaviour to pcrs,
- * which is selected by the (nonstandard and therefore
- * capital) letter 'U' in the option string.
- * It causes the quantifiers to be ungreedy by default.
- * Appending a ? turns back to greedy (!).
- *
- * - Added a new interceptor ijb-send-banner, which
- * sends back the "Junkbuster" gif. Without imagelist or
- * MSIE detection support, or if tinygif = 1, or the
- * URL isn't recognized as an imageurl, a lame HTML
- * explanation is sent instead.
- *
- * - Added new feature, which permits blocking remote
- * script redirects and firing back a local redirect
- * to the browser.
- * The feature is conditionally compiled, i.e. it
- * can be disabled with --disable-fast-redirects,
- * plus it must be activated by a "fast-redirects"
- * line in the config file, has its own log level
- * and of course wants to be displayed by show-proxy-args
- * Note: Boy, all the #ifdefs in 1001 locations and
- * all the fumbling with configure.in and acconfig.h
- * were *way* more work than the feature itself :-(
- *
- * - Because a generic redirect template was needed for
- * this, tinygif = 3 now uses the same.
- *
- * - Moved GIFs, and other static HTTP response templates
- * to project.h
- *
- * - Some minor fixes
- *
- * - Removed some >400 CRs again (Jon, you really worked
- * a lot! ;-)
- *
- * Revision 1.3 2001/05/20 01:21:20 jongfoster
- * Version 2.9.4 checkin.
- * - Merged popupfile and cookiefile, and added control over PCRS
- * filtering, in new "permissionsfile".
- * - Implemented LOG_LEVEL_FATAL, so that if there is a configuration
- * file error you now get a message box (in the Win32 GUI) rather
- * than the program exiting with no explanation.
- * - Made killpopup use the PCRS MIME-type checking and HTTP-header
- * skipping.
- * - Removed tabs from "config"
- * - Moved duplicated url parsing code in "loaders.c" to a new funcition.
- * - Bumped up version number.
- *
- * Revision 1.2 2001/05/17 23:01:01 oes
- * - Cleaned CRLF's from the sources and related files
- *
- * Revision 1.1.1.1 2001/05/15 13:58:58 oes
- * Initial import of version 2.9.3 source tree
- *
- *
*********************************************************************/
-
+
#include "config.h"
@@ -496,6 +52,7 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.84 2009/01/14 16:14:36 fabiankeil
# ifndef STRICT
# define STRICT
# endif
+# include
# include
# include "win32.h"
@@ -515,6 +72,7 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.84 2009/01/14 16:14:36 fabiankeil
#endif
+#include "project.h"
#include "loadcfg.h"
#include "list.h"
#include "jcc.h"
@@ -527,19 +85,20 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.84 2009/01/14 16:14:36 fabiankeil
#include "urlmatch.h"
#include "cgi.h"
#include "gateway.h"
+#ifdef FEATURE_CLIENT_TAGS
+#include "client-tags.h"
+#endif
-const char loadcfg_h_rcs[] = LOADCFG_H_VERSION;
+/*
+ * Default number of seconds after which an
+ * open connection will no longer be reused.
+ */
+#define DEFAULT_KEEP_ALIVE_TIMEOUT 180
/*
- * Fix a problem with Solaris. There should be no effect on other
- * platforms.
- * Solaris's isspace() is a macro which uses it's argument directly
- * as an array index. Therefore we need to make sure that high-bit
- * characters generate +ve values, and ideally we also want to make
- * the argument match the declared parameter type of "int".
+ * Default backlog passed to listen().
*/
-#define ijb_isupper(__X) isupper((int)(unsigned char)(__X))
-#define ijb_tolower(__X) tolower((int)(unsigned char)(__X))
+#define DEFAULT_LISTEN_BACKLOG 128
#ifdef FEATURE_TOGGLE
/* Privoxy is enabled by default. */
@@ -554,7 +113,7 @@ const char *configfile = NULL;
* so we will make argc and argv global.
*/
int Argc = 0;
-const char **Argv = NULL;
+char * const * Argv = NULL;
static struct file_list *current_configfile = NULL;
@@ -562,7 +121,7 @@ static struct file_list *current_configfile = NULL;
/*
* This takes the "cryptic" hash of each keyword and aliases them to
* something a little more readable. This also makes changing the
- * hash values easier if they should change or the hash algorthm changes.
+ * hash values easier if they should change or the hash algorithm changes.
* Use the included "hash" program to find out what the hash will be
* for any string supplied on the command line. (Or just put it in the
* config file and read the number from the error message in the log).
@@ -571,53 +130,81 @@ static struct file_list *current_configfile = NULL;
* console and GUI specific options last).
*/
-#define hash_actions_file 1196306641ul /* "actionsfile" */
-#define hash_accept_intercepted_requests 1513024973ul /* "accept-intercepted-requests" */
-#define hash_admin_address 4112573064ul /* "admin-address" */
-#define hash_allow_cgi_request_crunching 258915987ul /* "allow-cgi-request-crunching" */
-#define hash_buffer_limit 1881726070ul /* "buffer-limit */
-#define hash_confdir 1978389ul /* "confdir" */
-#define hash_debug 78263ul /* "debug" */
-#define hash_deny_access 1227333715ul /* "deny-access" */
-#define hash_enable_edit_actions 2517097536ul /* "enable-edit-actions" */
-#define hash_enable_remote_toggle 2979744683ul /* "enable-remote-toggle" */
-#define hash_enable_remote_http_toggle 110543988ul /* "enable-remote-http-toggle" */
-#define hash_enforce_blocks 1862427469ul /* "enforce-blocks" */
-#define hash_filterfile 250887266ul /* "filterfile" */
-#define hash_forward 2029845ul /* "forward" */
-#define hash_forward_socks4 3963965521ul /* "forward-socks4" */
-#define hash_forward_socks4a 2639958518ul /* "forward-socks4a" */
-#define hash_forward_socks5 3963965522ul /* "forward-socks5" */
-#define hash_forwarded_connect_retries 101465292ul /* "forwarded-connect-retries" */
-#define hash_hostname 10308071ul /* "hostname" */
-#define hash_keep_alive_timeout 3878599515ul /* "keep-alive-timeout" */
-#define hash_listen_address 1255650842ul /* "listen-address" */
-#define hash_logdir 422889ul /* "logdir" */
-#define hash_logfile 2114766ul /* "logfile" */
-#define hash_permit_access 3587953268ul /* "permit-access" */
-#define hash_proxy_info_url 3903079059ul /* "proxy-info-url" */
-#define hash_single_threaded 4250084780ul /* "single-threaded" */
-#define hash_socket_timeout 1809001761ul /* "socket-timeout" */
-#define hash_split_large_cgi_forms 671658948ul /* "split-large-cgi-forms" */
-#define hash_suppress_blocklists 1948693308ul /* "suppress-blocklists" */
-#define hash_templdir 11067889ul /* "templdir" */
-#define hash_toggle 447966ul /* "toggle" */
-#define hash_trust_info_url 430331967ul /* "trust-info-url" */
-#define hash_trustfile 56494766ul /* "trustfile" */
-#define hash_usermanual 1416668518ul /* "user-manual" */
-#define hash_activity_animation 1817904738ul /* "activity-animation" */
-#define hash_close_button_minimizes 3651284693ul /* "close-button-minimizes" */
-#define hash_hide_console 2048809870ul /* "hide-console" */
-#define hash_log_buffer_size 2918070425ul /* "log-buffer-size" */
-#define hash_log_font_name 2866730124ul /* "log-font-name" */
-#define hash_log_font_size 2866731014ul /* "log-font-size" */
-#define hash_log_highlight_messages 4032101240ul /* "log-highlight-messages" */
-#define hash_log_max_lines 2868344173ul /* "log-max-lines" */
-#define hash_log_messages 2291744899ul /* "log-messages" */
-#define hash_show_on_task_bar 215410365ul /* "show-on-task-bar" */
+#define hash_actions_file 1196306641U /* "actionsfile" */
+#define hash_accept_intercepted_requests 1513024973U /* "accept-intercepted-requests" */
+#define hash_admin_address 4112573064U /* "admin-address" */
+#define hash_allow_cgi_request_crunching 258915987U /* "allow-cgi-request-crunching" */
+#define hash_buffer_limit 1881726070U /* "buffer-limit */
+#define hash_ca_cert_file 1622923720U /* "ca-cert-file" */
+#define hash_ca_directory 1623615670U /* "ca-directory" */
+#define hash_ca_key_file 1184187891U /* "ca-key-file" */
+#define hash_ca_password 1184543320U /* "ca-password" */
+#define hash_certificate_directory 1367994217U /* "certificate-directory" */
+#define hash_client_header_order 2701453514U /* "client-header-order" */
+#define hash_client_specific_tag 3353703383U /* "client-specific-tag" */
+#define hash_client_tag_lifetime 647957580U /* "client-tag-lifetime" */
+#define hash_compression_level 2464423563U /* "compression-level" */
+#define hash_confdir 1978389U /* "confdir" */
+#define hash_connection_sharing 1348841265U /* "connection-sharing" */
+#define hash_cors_allowed_origin 2769345637U /* "cors-allowed-origin" */
+#define hash_debug 78263U /* "debug" */
+#define hash_default_server_timeout 2530089913U /* "default-server-timeout" */
+#define hash_deny_access 1227333715U /* "deny-access" */
+#define hash_enable_accept_filter 2909040407U /* "enable-accept-filter" */
+#define hash_enable_edit_actions 2517097536U /* "enable-edit-actions" */
+#define hash_enable_compression 3943696946U /* "enable-compression" */
+#define hash_enable_proxy_authentication_forwarding 4040610791U /* enable-proxy-authentication-forwarding */
+#define hash_enable_remote_toggle 2979744683U /* "enable-remote-toggle" */
+#define hash_enable_remote_http_toggle 110543988U /* "enable-remote-http-toggle" */
+#define hash_enforce_blocks 1862427469U /* "enforce-blocks" */
+#define hash_filterfile 250887266U /* "filterfile" */
+#define hash_forward 2029845U /* "forward" */
+#define hash_forward_socks4 3963965521U /* "forward-socks4" */
+#define hash_forward_socks4a 2639958518U /* "forward-socks4a" */
+#define hash_forward_socks5 3963965522U /* "forward-socks5" */
+#define hash_forward_socks5t 2639958542U /* "forward-socks5t" */
+#define hash_forwarded_connect_retries 101465292U /* "forwarded-connect-retries" */
+#define hash_handle_as_empty_returns_ok 1444873247U /* "handle-as-empty-doc-returns-ok" */
+#define hash_hostname 10308071U /* "hostname" */
+#define hash_keep_alive_timeout 3878599515U /* "keep-alive-timeout" */
+#define hash_listen_address 1255650842U /* "listen-address" */
+#define hash_listen_backlog 1255655735U /* "listen-backlog" */
+#define hash_logdir 422889U /* "logdir" */
+#define hash_logfile 2114766U /* "logfile" */
+#define hash_max_client_connections 3595884446U /* "max-client-connections" */
+#define hash_permit_access 3587953268U /* "permit-access" */
+#define hash_proxy_info_url 3903079059U /* "proxy-info-url" */
+#define hash_receive_buffer_size 2880297454U /* "receive-buffer-size */
+#define hash_single_threaded 4250084780U /* "single-threaded" */
+#define hash_socket_timeout 1809001761U /* "socket-timeout" */
+#define hash_split_large_cgi_forms 671658948U /* "split-large-cgi-forms" */
+#define hash_suppress_blocklists 1948693308U /* "suppress-blocklists" */
+#define hash_templdir 11067889U /* "templdir" */
+#define hash_temporary_directory 1824125181U /* "temporary-directory" */
+#define hash_tolerate_pipelining 1360286620U /* "tolerate-pipelining" */
+#define hash_toggle 447966U /* "toggle" */
+#define hash_trust_info_url 430331967U /* "trust-info-url" */
+#define hash_trust_x_forwarded_for 2971537414U /* "trust-x-forwarded-for" */
+#define hash_trusted_cgi_referrer 4270883427U /* "trusted-cgi-referrer" */
+#define hash_trusted_cas_file 2679803024U /* "trusted-cas-files" */
+#define hash_trustfile 56494766U /* "trustfile" */
+#define hash_usermanual 1416668518U /* "user-manual" */
+#define hash_activity_animation 1817904738U /* "activity-animation" */
+#define hash_close_button_minimizes 3651284693U /* "close-button-minimizes" */
+#define hash_hide_console 2048809870U /* "hide-console" */
+#define hash_log_buffer_size 2918070425U /* "log-buffer-size" */
+#define hash_log_font_name 2866730124U /* "log-font-name" */
+#define hash_log_font_size 2866731014U /* "log-font-size" */
+#define hash_log_highlight_messages 4032101240U /* "log-highlight-messages" */
+#define hash_log_max_lines 2868344173U /* "log-max-lines" */
+#define hash_log_messages 2291744899U /* "log-messages" */
+#define hash_show_on_task_bar 215410365U /* "show-on-task-bar" */
static void savearg(char *command, char *argument, struct configuration_spec * config);
+#ifdef FEATURE_CLIENT_TAGS
+static void free_client_specific_tags(struct client_tag_spec *tag_list);
+#endif
/*********************************************************************
*
@@ -652,11 +239,9 @@ static void unload_configfile (void * data)
while (cur_fwd != NULL)
{
struct forward_spec * next_fwd = cur_fwd->next;
- free_url_spec(cur_fwd->url);
- freez(cur_fwd->gateway_host);
- freez(cur_fwd->forward_host);
- free(cur_fwd);
+ unload_forward_spec(cur_fwd);
+
cur_fwd = next_fwd;
}
config->forward = NULL;
@@ -665,8 +250,14 @@ static void unload_configfile (void * data)
freez(config->logdir);
freez(config->templdir);
freez(config->hostname);
+#ifdef FEATURE_EXTERNAL_FILTERS
+ freez(config->temporary_directory);
+#endif
- freez(config->haddr);
+ for (i = 0; i < MAX_LISTENING_SOCKETS; i++)
+ {
+ freez(config->haddr[i]);
+ }
freez(config->logfile);
for (i = 0; i < MAX_AF_FILES; i++)
@@ -677,20 +268,32 @@ static void unload_configfile (void * data)
freez(config->re_filterfile[i]);
}
+ list_remove_all(config->ordered_client_headers);
+
freez(config->admin_address);
+ freez(config->cors_allowed_origin);
freez(config->proxy_info_url);
freez(config->proxy_args);
freez(config->usermanual);
+ freez(config->trusted_cgi_referrer);
+
+#ifdef FEATURE_HTTPS_INSPECTION
+ freez(config->ca_password);
+ freez(config->ca_directory);
+ freez(config->ca_cert_file);
+ freez(config->ca_key_file);
+ freez(config->certificate_directory);
+ freez(config->trusted_cas_file);
+#endif
#ifdef FEATURE_TRUST
freez(config->trustfile);
list_remove_all(config->trust_info);
#endif /* def FEATURE_TRUST */
- for (i = 0; i < MAX_AF_FILES; i++)
- {
- freez(config->re_filterfile[i]);
- }
+#ifdef FEATURE_CLIENT_TAGS
+ free_client_specific_tags(config->client_tags);
+#endif
freez(config);
}
@@ -720,6 +323,241 @@ void unload_current_config_file(void)
#endif
+#ifdef FEATURE_CLIENT_TAGS
+/*********************************************************************
+ *
+ * Function : register_tag
+ *
+ * Description : Registers a client-specific-tag and its description
+ *
+ * Parameters :
+ * 1 : config: The tag list
+ * 2 : name: The name of the client-specific-tag
+ * 3 : description: The human-readable description for the tag
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void register_tag(struct client_tag_spec *tag_list,
+ const char *name, const char *description)
+{
+ struct client_tag_spec *new_tag;
+ struct client_tag_spec *last_tag;
+
+ last_tag = tag_list;
+ while (last_tag->next != NULL)
+ {
+ last_tag = last_tag->next;
+ }
+ if (last_tag->name == NULL)
+ {
+ /* First entry */
+ new_tag = last_tag;
+ }
+ else
+ {
+ new_tag = zalloc_or_die(sizeof(struct client_tag_spec));
+ }
+ new_tag->name = strdup_or_die(name);
+ new_tag->description = strdup_or_die(description);
+ if (new_tag != last_tag)
+ {
+ last_tag->next = new_tag;
+ }
+}
+
+
+/*********************************************************************
+ *
+ * Function : free_client_specific_tags
+ *
+ * Description : Frees client-specific tags and their descriptions
+ *
+ * Parameters :
+ * 1 : tag_list: The tag list to free
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void free_client_specific_tags(struct client_tag_spec *tag_list)
+{
+ struct client_tag_spec *this_tag;
+ struct client_tag_spec *next_tag;
+
+ next_tag = tag_list;
+ do
+ {
+ this_tag = next_tag;
+ next_tag = next_tag->next;
+
+ freez(this_tag->name);
+ freez(this_tag->description);
+
+ if (this_tag != tag_list)
+ {
+ freez(this_tag);
+ }
+ } while (next_tag != NULL);
+}
+#endif /* def FEATURE_CLIENT_TAGS */
+
+
+/*********************************************************************
+ *
+ * Function : parse_numeric_value
+ *
+ * Description : Parse the value of a directive that can only have
+ * a single numeric value. Terminates with a fatal error
+ * if the value is NULL or not numeric.
+ *
+ * Parameters :
+ * 1 : name: The name of the directive. Used for log messages.
+ * 2 : value: The value to parse
+ *
+ *
+ * Returns : The numerical value as integer
+ *
+ *********************************************************************/
+static int parse_numeric_value(const char *name, const char *value)
+{
+ int number;
+ char *endptr;
+
+ assert(name != NULL);
+ assert(value != NULL);
+
+ if ((value == NULL) || (*value == '\0'))
+ {
+ log_error(LOG_LEVEL_FATAL, "Directive %s used without argument", name);
+ }
+
+ number = (int)strtol(value, &endptr, 0);
+ if (*endptr != '\0')
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Directive '%s' used with non-numerical value: '%s'", name, value);
+ }
+
+ return number;
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : parse_toggle_value
+ *
+ * Description : Parse the value of a directive that can only be
+ * enabled or disabled. Terminates with a fatal error
+ * if the value is NULL or something other than 0 or 1.
+ *
+ * Parameters :
+ * 1 : name: The name of the directive. Used for log messages.
+ * 2 : value: The value to parse
+ *
+ *
+ * Returns : The numerical toggle state
+ *
+ *********************************************************************/
+static int parse_toggle_state(const char *name, const char *value)
+{
+ int toggle_state;
+ assert(name != NULL);
+ assert(value != NULL);
+
+ if ((value == NULL) || (*value == '\0'))
+ {
+ log_error(LOG_LEVEL_FATAL, "Directive %s used without argument", name);
+ }
+
+ toggle_state = atoi(value);
+
+ /*
+ * Also check the length as atoi() doesn't mind
+ * garbage after a valid integer, but we do.
+ */
+ if (((toggle_state != 0) && (toggle_state != 1)) || (strlen(value) != 1))
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Directive %s used with invalid argument '%s'. Use either '0' or '1'.",
+ name, value);
+ }
+
+ return toggle_state;
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : parse_client_header_order
+ *
+ * Description : Parse the value of the header-order directive
+ *
+ * Parameters :
+ * 1 : ordered_header_list: List to insert the ordered
+ * headers into.
+ * 2 : ordered_headers: The ordered header names separated
+ * by spaces or tabs.
+ *
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void parse_client_header_order(struct list *ordered_header_list, const char *ordered_headers)
+{
+ char *original_headers_copy;
+ char **vector;
+ size_t max_segments;
+ int number_of_headers;
+ int i;
+
+ assert(ordered_header_list != NULL);
+ assert(ordered_headers != NULL);
+
+ if (ordered_headers == NULL)
+ {
+ log_error(LOG_LEVEL_FATAL, "header-order used without argument");
+ }
+
+ /*
+ * XXX: This estimate is guaranteed to be high enough as we
+ * let ssplit() ignore empty fields, but also a bit wasteful.
+ * The same hack is used in get_last_url() so it looks like
+ * a real solution is needed.
+ */
+ max_segments = strlen(ordered_headers) / 2;
+ if (max_segments == 0)
+ {
+ max_segments = 1;
+ }
+ vector = malloc_or_die(max_segments * sizeof(char *));
+
+ original_headers_copy = strdup_or_die(ordered_headers);
+
+ number_of_headers = ssplit(original_headers_copy, "\t ", vector, max_segments);
+ if (number_of_headers == -1)
+ {
+ log_error(LOG_LEVEL_FATAL, "Failed to split ordered headers");
+ }
+
+ for (i = 0; i < number_of_headers; i++)
+ {
+ if (JB_ERR_OK != enlist(ordered_header_list, vector[i]))
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Failed to enlist ordered header: %s", vector[i]);
+ }
+ }
+
+ freez(vector);
+ freez(original_headers_copy);
+
+ return;
+
+}
+
+
/*********************************************************************
*
* Function : load_config
@@ -736,7 +574,7 @@ void unload_current_config_file(void)
*********************************************************************/
struct configuration_spec * load_config(void)
{
- char buf[BUFFER_SIZE];
+ char *buf = NULL;
char *p, *q;
FILE *configfp = NULL;
struct configuration_spec * config = NULL;
@@ -744,20 +582,25 @@ struct configuration_spec * load_config(void)
struct file_list *fs;
unsigned long linenum = 0;
int i;
- char *logfile = NULL;
-#ifdef FEATURE_CONNECTION_KEEP_ALIVE
- int keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT;
+ char *logfile = NULL;
+#ifdef FEATURE_HTTPS_INSPECTION
+ char *ca_cert_file = NULL;
+ char *ca_key_file = NULL;
+ char *ca_directory = NULL;
+ char *trusted_cas_file = NULL;
+ char *certificate_directory = NULL;
#endif
- if ( !check_file_changed(current_configfile, configfile, &fs))
+ if (!check_file_changed(current_configfile, configfile, &fs))
{
/* No need to load */
return ((struct configuration_spec *)current_configfile->f);
}
- if (!fs)
+ if (NULL == fs)
{
- log_error(LOG_LEVEL_FATAL, "can't check configuration file '%s': %E",
- configfile);
+ log_error(LOG_LEVEL_FATAL,
+ "can't check configuration file '%s': %E", configfile);
+ return NULL;
}
if (NULL != current_configfile)
@@ -766,18 +609,10 @@ struct configuration_spec * load_config(void)
}
#ifdef FEATURE_TOGGLE
- global_toggle_state = 1;
+ global_toggle_state = 1;
#endif /* def FEATURE_TOGGLE */
- fs->f = config = (struct configuration_spec *)zalloc(sizeof(*config));
-
- if (config==NULL)
- {
- freez(fs->filename);
- freez(fs);
- log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration");
- /* Never get here - LOG_LEVEL_FATAL causes program exit */
- }
+ fs->f = config = zalloc_or_die(sizeof(*config));
/*
* This is backwards from how it's usually done.
@@ -794,24 +629,66 @@ struct configuration_spec * load_config(void)
* Set to defaults
*/
config->multi_threaded = 1;
- config->hport = HADDR_PORT;
config->buffer_limit = 4096 * 1024;
- config->usermanual = strdup(USER_MANUAL_URL);
- config->proxy_args = strdup("");
+ config->receive_buffer_size = BUFFER_SIZE;
+ config->usermanual = strdup_or_die(USER_MANUAL_URL);
+ config->proxy_args = strdup_or_die("");
config->forwarded_connect_retries = 0;
- config->socket_timeout = 180;
+#ifdef FEATURE_HTTPS_INSPECTION
+ config->ca_password = strdup("");
+ ca_cert_file = strdup("cacert.crt");
+ ca_key_file = strdup("cakey.pem");
+ ca_directory = strdup("./CA");
+ trusted_cas_file = strdup("trustedCAs.pem");
+ certificate_directory = strdup("./certs");
+#endif
+
+#ifdef FEATURE_CLIENT_TAGS
+ config->client_tag_lifetime = 60;
+#endif
+ config->trust_x_forwarded_for = 0;
+#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
+ config->enable_accept_filter = 0;
+#endif
+ config->listen_backlog = DEFAULT_LISTEN_BACKLOG;
+ config->trusted_cgi_referrer = NULL;
+ /*
+ * 128 client sockets ought to be enough for everybody who can't
+ * be bothered to read the documentation to figure out how to
+ * increase the limit.
+ */
+ config->max_client_connections = 128;
+ config->socket_timeout = 300; /* XXX: Should be a macro. */
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ config->default_server_timeout = 0;
+ config->keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT;
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
+#endif
config->feature_flags &= ~RUNTIME_FEATURE_CGI_TOGGLE;
config->feature_flags &= ~RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
config->feature_flags &= ~RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
+ config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
+ config->feature_flags &= ~RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
+#ifdef FEATURE_COMPRESSION
+ config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION;
+ /*
+ * XXX: Run some benchmarks to see if there are better default values.
+ */
+ config->compression_level = 1;
+#endif
+ config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING;
+ config->cors_allowed_origin = NULL;
- if ((configfp = fopen(configfile, "r")) == NULL)
+ configfp = fopen(configfile, "r");
+ if (NULL == configfp)
{
- log_error(LOG_LEVEL_FATAL, "can't open configuration file '%s': %E",
- configfile);
+ log_error(LOG_LEVEL_FATAL,
+ "can't open configuration file '%s': %E", configfile);
/* Never get here - LOG_LEVEL_FATAL causes program exit */
}
- while (read_config_line(buf, sizeof(buf), configfp, &linenum) != NULL)
+ while (read_config_line(configfp, &linenum, &buf) != NULL)
{
char cmd[BUFFER_SIZE];
char arg[BUFFER_SIZE];
@@ -822,7 +699,7 @@ struct configuration_spec * load_config(void)
struct forward_spec *cur_fwd;
int vec_count;
char *vec[3];
- unsigned long directive_hash;
+ unsigned int directive_hash;
strlcpy(tmp, buf, sizeof(tmp));
@@ -842,26 +719,27 @@ struct configuration_spec * load_config(void)
}
/* Copy the argument into arg */
- strlcpy(arg, p, sizeof(arg));
+ if (strlcpy(arg, p, sizeof(arg)) >= sizeof(arg))
+ {
+ log_error(LOG_LEVEL_FATAL, "Config line too long: %s", buf);
+ }
/* Should never happen, but check this anyway */
if (*cmd == '\0')
{
+ freez(buf);
continue;
}
/* Make sure the command field is lower case */
- for (p=cmd; *p; p++)
+ for (p = cmd; *p; p++)
{
- if (ijb_isupper(*p))
+ if (privoxy_isupper(*p))
{
- *p = (char)ijb_tolower(*p);
+ *p = (char)privoxy_tolower(*p);
}
}
- /* Save the argument for show-proxy-args */
- savearg(cmd, arg, config);
-
directive_hash = hash_string(cmd);
switch (directive_hash)
{
@@ -882,15 +760,15 @@ struct configuration_spec * load_config(void)
"(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).",
MAX_AF_FILES);
}
- config->actions_file_short[i] = strdup(arg);
+ config->actions_file_short[i] = strdup_or_die(arg);
config->actions_file[i] = make_path(config->confdir, arg);
- continue;
+ break;
/* *************************************************************************
* accept-intercepted-requests
* *************************************************************************/
case hash_accept_intercepted_requests:
- if ((*arg != '\0') && (0 != atoi(arg)))
+ if (parse_toggle_state(cmd, arg) == 1)
{
config->feature_flags |= RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
}
@@ -898,21 +776,21 @@ struct configuration_spec * load_config(void)
{
config->feature_flags &= ~RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
}
- continue;
+ break;
/* *************************************************************************
* admin-address email-address
* *************************************************************************/
case hash_admin_address :
freez(config->admin_address);
- config->admin_address = strdup(arg);
- continue;
+ config->admin_address = strdup_or_die(arg);
+ break;
/* *************************************************************************
* allow-cgi-request-crunching
* *************************************************************************/
case hash_allow_cgi_request_crunching:
- if ((*arg != '\0') && (0 != atoi(arg)))
+ if (parse_toggle_state(cmd, arg) == 1)
{
config->feature_flags |= RUNTIME_FEATURE_CGI_CRUNCHING;
}
@@ -920,37 +798,168 @@ struct configuration_spec * load_config(void)
{
config->feature_flags &= ~RUNTIME_FEATURE_CGI_CRUNCHING;
}
- continue;
+ break;
/* *************************************************************************
* buffer-limit n
* *************************************************************************/
case hash_buffer_limit :
- config->buffer_limit = (size_t)(1024 * atoi(arg));
- continue;
+ config->buffer_limit = (size_t)(1024 * parse_numeric_value(cmd, arg));
+ break;
+
+/* *************************************************************************
+ * client-header-order header-1 header-2 ... header-n
+ * *************************************************************************/
+ case hash_client_header_order:
+ list_remove_all(config->ordered_client_headers);
+ parse_client_header_order(config->ordered_client_headers, arg);
+ break;
+
+/* *************************************************************************
+ * client-specific-tag tag-name description
+ * *************************************************************************/
+#ifdef FEATURE_CLIENT_TAGS
+ case hash_client_specific_tag:
+ {
+ char *name;
+ char *description;
+
+ name = arg;
+ description = strstr(arg, " ");
+ if (description == NULL)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "client-specific-tag '%s' lacks a description.", name);
+ }
+ *description = '\0';
+ /*
+ * The length is limited because we don't want truncated
+ * HTML caused by the cgi interface using static buffer
+ * sizes.
+ */
+ if (strlen(name) > CLIENT_TAG_LENGTH_MAX)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "client-specific-tag '%s' is longer than %d characters.",
+ name, CLIENT_TAG_LENGTH_MAX);
+ }
+ description++;
+ register_tag(config->client_tags, name, description);
+ }
+ break;
+#endif /* def FEATURE_CLIENT_TAGS */
+
+/* *************************************************************************
+ * client-tag-lifetime ttl
+ * *************************************************************************/
+#ifdef FEATURE_CLIENT_TAGS
+ case hash_client_tag_lifetime:
+ {
+ int ttl = parse_numeric_value(cmd, arg);
+ if (0 <= ttl)
+ {
+ config->client_tag_lifetime = (unsigned)ttl;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "client-tag-lifetime can't be negative.");
+ }
+ break;
+ }
+#endif /* def FEATURE_CLIENT_TAGS */
/* *************************************************************************
* confdir directory-name
* *************************************************************************/
case hash_confdir :
freez(config->confdir);
- config->confdir = make_path( NULL, arg);
- continue;
+ config->confdir = make_path(NULL, arg);
+ break;
+
+/* *************************************************************************
+ * compression-level 0-9
+ * *************************************************************************/
+#ifdef FEATURE_COMPRESSION
+ case hash_compression_level :
+ {
+ int compression_level = parse_numeric_value(cmd, arg);
+ if (-1 <= compression_level && compression_level <= 9)
+ {
+ config->compression_level = compression_level;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Invalid compression-level value: %s", arg);
+ }
+ break;
+ }
+#endif
+
+/* *************************************************************************
+ * connection-sharing (0|1)
+ * *************************************************************************/
+#ifdef FEATURE_CONNECTION_SHARING
+ case hash_connection_sharing :
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CONNECTION_SHARING;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
+ }
+ break;
+#endif
+
+/* *************************************************************************
+ * cors-allowed-origin http://www.example.org
+ * *************************************************************************/
+ case hash_cors_allowed_origin :
+ /*
+ * We don't validate the specified referrer as
+ * it's only used for string comparison.
+ */
+ freez(config->cors_allowed_origin);
+ config->cors_allowed_origin = strdup_or_die(arg);
+ break;
/* *************************************************************************
* debug n
* Specifies debug level, multiple values are ORed together.
* *************************************************************************/
case hash_debug :
- config->debug |= atoi(arg);
- continue;
+ config->debug |= parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * default-server-timeout timeout
+ * *************************************************************************/
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ case hash_default_server_timeout :
+ {
+ int timeout = parse_numeric_value(cmd, arg);
+ if (0 <= timeout)
+ {
+ config->default_server_timeout = (unsigned int)timeout;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Invalid default-server-timeout value: %s", arg);
+ }
+ break;
+ }
+#endif
/* *************************************************************************
* deny-access source-ip[/significant-bits] [dest-ip[/significant-bits]]
* *************************************************************************/
#ifdef FEATURE_ACL
case hash_deny_access:
- vec_count = ssplit(arg, " \t", vec, SZ(vec), 1, 1);
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
if ((vec_count != 1) && (vec_count != 2))
{
@@ -959,18 +968,11 @@ struct configuration_spec * load_config(void)
string_append(&config->proxy_args,
"
\nWARNING: Wrong number of parameters for "
"deny-access directive in configuration file.
\n");
- continue;
+ break;
}
/* allocate a new node */
- cur_acl = (struct access_control_list *) zalloc(sizeof(*cur_acl));
-
- if (cur_acl == NULL)
- {
- log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration");
- /* Never get here - LOG_LEVEL_FATAL causes program exit */
- continue;
- }
+ cur_acl = zalloc_or_die(sizeof(*cur_acl));
cur_acl->action = ACL_DENY;
if (acl_addr(vec[0], cur_acl->src) < 0)
@@ -985,7 +987,7 @@ struct configuration_spec * load_config(void)
string_append(&config->proxy_args,
"\"
\n");
freez(cur_acl);
- continue;
+ break;
}
if (vec_count == 2)
{
@@ -1001,9 +1003,15 @@ struct configuration_spec * load_config(void)
string_append(&config->proxy_args,
"\"
\n");
freez(cur_acl);
- continue;
+ break;
}
}
+#ifdef HAVE_RFC2553
+ else
+ {
+ cur_acl->wildcard_dst = 1;
+ }
+#endif /* def HAVE_RFC2553 */
/*
* Add it to the list. Note we reverse the list to get the
@@ -1017,15 +1025,24 @@ struct configuration_spec * load_config(void)
cur_acl->next = config->acl;
config->acl = cur_acl;
- continue;
+ break;
#endif /* def FEATURE_ACL */
+#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
+/* *************************************************************************
+ * enable-accept-filter 0|1
+ * *************************************************************************/
+ case hash_enable_accept_filter :
+ config->enable_accept_filter = parse_toggle_state(cmd, arg);
+ break;
+#endif /* defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) */
+
/* *************************************************************************
* enable-edit-actions 0|1
* *************************************************************************/
#ifdef FEATURE_CGI_EDIT_ACTIONS
case hash_enable_edit_actions:
- if ((*arg != '\0') && (0 != atoi(arg)))
+ if (parse_toggle_state(cmd, arg) == 1)
{
config->feature_flags |= RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
}
@@ -1033,15 +1050,45 @@ struct configuration_spec * load_config(void)
{
config->feature_flags &= ~RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
}
- continue;
+ break;
#endif /* def FEATURE_CGI_EDIT_ACTIONS */
+/* *************************************************************************
+ * enable-compression 0|1
+ * *************************************************************************/
+#ifdef FEATURE_COMPRESSION
+ case hash_enable_compression:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_COMPRESSION;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION;
+ }
+ break;
+#endif /* def FEATURE_COMPRESSION */
+
+/* *************************************************************************
+ * enable-proxy-authentication-forwarding 0|1
+ * *************************************************************************/
+ case hash_enable_proxy_authentication_forwarding:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
+ }
+ break;
+
/* *************************************************************************
* enable-remote-toggle 0|1
* *************************************************************************/
#ifdef FEATURE_TOGGLE
case hash_enable_remote_toggle:
- if ((*arg != '\0') && (0 != atoi(arg)))
+ if (parse_toggle_state(cmd, arg) == 1)
{
config->feature_flags |= RUNTIME_FEATURE_CGI_TOGGLE;
}
@@ -1049,14 +1096,14 @@ struct configuration_spec * load_config(void)
{
config->feature_flags &= ~RUNTIME_FEATURE_CGI_TOGGLE;
}
- continue;
+ break;
#endif /* def FEATURE_TOGGLE */
/* *************************************************************************
* enable-remote-http-toggle 0|1
* *************************************************************************/
case hash_enable_remote_http_toggle:
- if ((*arg != '\0') && (0 != atoi(arg)))
+ if (parse_toggle_state(cmd, arg) == 1)
{
config->feature_flags |= RUNTIME_FEATURE_HTTP_TOGGLE;
}
@@ -1064,14 +1111,14 @@ struct configuration_spec * load_config(void)
{
config->feature_flags &= ~RUNTIME_FEATURE_HTTP_TOGGLE;
}
- continue;
+ break;
/* *************************************************************************
* enforce-blocks 0|1
* *************************************************************************/
case hash_enforce_blocks:
#ifdef FEATURE_FORCE_LOAD
- if ((*arg != '\0') && (0 != atoi(arg)))
+ if (parse_toggle_state(cmd, arg) == 1)
{
config->feature_flags |= RUNTIME_FEATURE_ENFORCE_BLOCKS;
}
@@ -1083,7 +1130,7 @@ struct configuration_spec * load_config(void)
log_error(LOG_LEVEL_ERROR, "Ignoring directive 'enforce-blocks'. "
"FEATURE_FORCE_LOAD is disabled, blocks will always be enforced.");
#endif /* def FEATURE_FORCE_LOAD */
- continue;
+ break;
/* *************************************************************************
* filterfile file-name
@@ -1102,16 +1149,17 @@ struct configuration_spec * load_config(void)
"(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).",
MAX_AF_FILES);
}
- config->re_filterfile_short[i] = strdup(arg);
+ config->re_filterfile_short[i] = strdup_or_die(arg);
config->re_filterfile[i] = make_path(config->confdir, arg);
- continue;
+ break;
/* *************************************************************************
* forward url-pattern (.|http-proxy-host[:port])
* *************************************************************************/
case hash_forward:
- vec_count = ssplit(arg, " \t", vec, SZ(vec), 1, 1);
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
if (vec_count != 2)
{
@@ -1120,29 +1168,23 @@ struct configuration_spec * load_config(void)
string_append(&config->proxy_args,
"
\nWARNING: Wrong number of parameters for "
"forward directive in configuration file.");
- continue;
+ break;
}
/* allocate a new node */
- cur_fwd = zalloc(sizeof(*cur_fwd));
- if (cur_fwd == NULL)
- {
- log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration");
- /* Never get here - LOG_LEVEL_FATAL causes program exit */
- continue;
- }
-
+ cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
cur_fwd->type = SOCKS_NONE;
/* Save the URL pattern */
- if (create_url_spec(cur_fwd->url, vec[0]))
+ if (create_pattern_spec(cur_fwd->url, vec[0]))
{
log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward "
"directive in configuration file.");
string_append(&config->proxy_args,
"
\nWARNING: Bad URL specifier for "
"forward directive in configuration file.");
- continue;
+ freez(cur_fwd);
+ break;
}
/* Parse the parent HTTP proxy host:port */
@@ -1150,31 +1192,24 @@ struct configuration_spec * load_config(void)
if (strcmp(p, ".") != 0)
{
- cur_fwd->forward_host = strdup(p);
-
- if (NULL != (p = strchr(cur_fwd->forward_host, ':')))
- {
- *p++ = '\0';
- cur_fwd->forward_port = atoi(p);
- }
-
- if (cur_fwd->forward_port <= 0)
- {
- cur_fwd->forward_port = 8000;
- }
+ cur_fwd->forward_port = 8000;
+ parse_forwarder_address(p,
+ &cur_fwd->forward_host, &cur_fwd->forward_port,
+ NULL, NULL);
}
/* Add to list. */
cur_fwd->next = config->forward;
config->forward = cur_fwd;
- continue;
+ break;
/* *************************************************************************
* forward-socks4 url-pattern socks-proxy[:port] (.|http-proxy[:port])
* *************************************************************************/
case hash_forward_socks4:
- vec_count = ssplit(arg, " \t", vec, SZ(vec), 1, 1);
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
if (vec_count != 3)
{
@@ -1183,47 +1218,35 @@ struct configuration_spec * load_config(void)
string_append(&config->proxy_args,
"
\nWARNING: Wrong number of parameters for "
"forward-socks4 directive in configuration file.");
- continue;
+ break;
}
/* allocate a new node */
- cur_fwd = zalloc(sizeof(*cur_fwd));
- if (cur_fwd == NULL)
- {
- log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration");
- /* Never get here - LOG_LEVEL_FATAL causes program exit */
- continue;
- }
-
+ cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
cur_fwd->type = SOCKS_4;
/* Save the URL pattern */
- if (create_url_spec(cur_fwd->url, vec[0]))
+ if (create_pattern_spec(cur_fwd->url, vec[0]))
{
log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward-socks4 "
"directive in configuration file.");
string_append(&config->proxy_args,
"
\nWARNING: Bad URL specifier for "
"forward-socks4 directive in configuration file.");
- continue;
+ freez(cur_fwd);
+ break;
}
/* Parse the SOCKS proxy host[:port] */
p = vec[1];
+ /* XXX: This check looks like a bug. */
if (strcmp(p, ".") != 0)
{
- cur_fwd->gateway_host = strdup(p);
-
- if (NULL != (p = strchr(cur_fwd->gateway_host, ':')))
- {
- *p++ = '\0';
- cur_fwd->gateway_port = atoi(p);
- }
- if (cur_fwd->gateway_port <= 0)
- {
- cur_fwd->gateway_port = 1080;
- }
+ cur_fwd->gateway_port = 1080;
+ parse_forwarder_address(p,
+ &cur_fwd->gateway_host, &cur_fwd->gateway_port,
+ NULL, NULL);
}
/* Parse the parent HTTP proxy host[:port] */
@@ -1231,159 +1254,182 @@ struct configuration_spec * load_config(void)
if (strcmp(p, ".") != 0)
{
- cur_fwd->forward_host = strdup(p);
-
- if (NULL != (p = strchr(cur_fwd->forward_host, ':')))
- {
- *p++ = '\0';
- cur_fwd->forward_port = atoi(p);
- }
-
- if (cur_fwd->forward_port <= 0)
- {
- cur_fwd->forward_port = 8000;
- }
+ cur_fwd->forward_port = 8000;
+ parse_forwarder_address(p,
+ &cur_fwd->forward_host, &cur_fwd->forward_port,
+ NULL, NULL);
}
/* Add to list. */
cur_fwd->next = config->forward;
config->forward = cur_fwd;
- continue;
+ break;
/* *************************************************************************
* forward-socks4a url-pattern socks-proxy[:port] (.|http-proxy[:port])
* *************************************************************************/
case hash_forward_socks4a:
case hash_forward_socks5:
- vec_count = ssplit(arg, " \t", vec, SZ(vec), 1, 1);
+ case hash_forward_socks5t:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
if (vec_count != 3)
{
- log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
- "forward-socks4a directive in configuration file.");
+ log_error(LOG_LEVEL_ERROR,
+ "Wrong number of parameters for %s in configuration file.",
+ cmd);
string_append(&config->proxy_args,
- "
\nWARNING: Wrong number of parameters for "
- "forward-socks4a directive in configuration file.");
- continue;
+ "
\nWARNING: Wrong number of parameters for ");
+ string_append(&config->proxy_args, cmd);
+ string_append(&config->proxy_args,
+ "directive in configuration file.");
+ break;
}
/* allocate a new node */
- cur_fwd = zalloc(sizeof(*cur_fwd));
- if (cur_fwd == NULL)
- {
- log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration");
- /* Never get here - LOG_LEVEL_FATAL causes program exit */
- continue;
- }
+ cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
if (directive_hash == hash_forward_socks4a)
{
cur_fwd->type = SOCKS_4A;
}
- else
+ else if (directive_hash == hash_forward_socks5)
{
cur_fwd->type = SOCKS_5;
}
+ else
+ {
+ assert(directive_hash == hash_forward_socks5t);
+ cur_fwd->type = SOCKS_5T;
+ }
/* Save the URL pattern */
- if (create_url_spec(cur_fwd->url, vec[0]))
+ if (create_pattern_spec(cur_fwd->url, vec[0]))
{
- log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward-socks4a "
- "directive in configuration file.");
+ log_error(LOG_LEVEL_ERROR,
+ "Bad URL specifier for %s in configuration file.",
+ cmd);
string_append(&config->proxy_args,
- "
\nWARNING: Bad URL specifier for "
- "forward-socks4a directive in configuration file.");
- continue;
+ "
\nWARNING: Bad URL specifier for ");
+ string_append(&config->proxy_args, cmd);
+ string_append(&config->proxy_args,
+ "directive in configuration file.");
+ freez(cur_fwd);
+ break;
}
- /* Parse the SOCKS proxy host[:port] */
+ /* Parse the SOCKS proxy [user:pass@]host[:port] */
p = vec[1];
- cur_fwd->gateway_host = strdup(p);
-
- if (NULL != (p = strchr(cur_fwd->gateway_host, ':')))
- {
- *p++ = '\0';
- cur_fwd->gateway_port = atoi(p);
- }
- if (cur_fwd->gateway_port <= 0)
- {
- cur_fwd->gateway_port = 1080;
- }
+ cur_fwd->gateway_port = 1080;
+ parse_forwarder_address(p,
+ &cur_fwd->gateway_host, &cur_fwd->gateway_port,
+ &cur_fwd->auth_username, &cur_fwd->auth_password);
/* Parse the parent HTTP proxy host[:port] */
p = vec[2];
if (strcmp(p, ".") != 0)
{
- cur_fwd->forward_host = strdup(p);
-
- if (NULL != (p = strchr(cur_fwd->forward_host, ':')))
- {
- *p++ = '\0';
- cur_fwd->forward_port = atoi(p);
- }
-
- if (cur_fwd->forward_port <= 0)
- {
- cur_fwd->forward_port = 8000;
- }
+ cur_fwd->forward_port = 8000;
+ parse_forwarder_address(p,
+ &cur_fwd->forward_host, &cur_fwd->forward_port,
+ NULL, NULL);
}
/* Add to list. */
cur_fwd->next = config->forward;
config->forward = cur_fwd;
- continue;
+ break;
/* *************************************************************************
* forwarded-connect-retries n
* *************************************************************************/
case hash_forwarded_connect_retries :
- config->forwarded_connect_retries = atoi(arg);
- continue;
+ config->forwarded_connect_retries = parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * handle-as-empty-doc-returns-ok 0|1
+ *
+ * Workaround for firefox hanging on blocked javascript pages.
+ * Block with the "+handle-as-empty-document" flag and set the
+ * "handle-as-empty-doc-returns-ok" run-time config flag so that
+ * Privoxy returns a 200/OK status instead of a 403/Forbidden status
+ * to the browser for blocked pages.
+ ***************************************************************************/
+ case hash_handle_as_empty_returns_ok:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
+ }
+ break;
/* *************************************************************************
* hostname hostname-to-show-on-cgi-pages
* *************************************************************************/
case hash_hostname :
freez(config->hostname);
- config->hostname = strdup(arg);
- if (NULL == config->hostname)
- {
- log_error(LOG_LEVEL_FATAL, "Out of memory saving hostname.");
- }
- continue;
+ config->hostname = strdup_or_die(arg);
+ break;
/* *************************************************************************
* keep-alive-timeout timeout
* *************************************************************************/
#ifdef FEATURE_CONNECTION_KEEP_ALIVE
case hash_keep_alive_timeout :
- if (*arg != '\0')
+ {
+ int timeout = parse_numeric_value(cmd, arg);
+ if (0 < timeout)
{
- int timeout = atoi(arg);
- if (0 <= timeout)
- {
- config->feature_flags |= RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
- keep_alive_timeout = timeout;
- }
- else
- {
- config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
- }
+ config->feature_flags |= RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
+ config->keep_alive_timeout = (unsigned int)timeout;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
}
- continue;
+ break;
+ }
#endif
/* *************************************************************************
* listen-address [ip][:port]
* *************************************************************************/
case hash_listen_address :
- freez(config->haddr);
- config->haddr = strdup(arg);
- continue;
+ i = 0;
+ while ((i < MAX_LISTENING_SOCKETS) && (NULL != config->haddr[i]))
+ {
+ i++;
+ }
+
+ if (i >= MAX_LISTENING_SOCKETS)
+ {
+ log_error(LOG_LEVEL_FATAL, "Too many 'listen-address' directives in config file - limit is %d.\n"
+ "(You can increase this limit by changing MAX_LISTENING_SOCKETS in project.h and recompiling).",
+ MAX_LISTENING_SOCKETS);
+ }
+ config->haddr[i] = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * listen-backlog n
+ * *************************************************************************/
+ case hash_listen_backlog :
+ /*
+ * We don't enfore an upper or lower limit because on
+ * many platforms all values are valid and negative
+ * number mean "use the highest value allowed".
+ */
+ config->listen_backlog = parse_numeric_value(cmd, arg);
+ break;
/* *************************************************************************
* logdir directory-name
@@ -1391,14 +1437,14 @@ struct configuration_spec * load_config(void)
case hash_logdir :
freez(config->logdir);
config->logdir = make_path(NULL, arg);
- continue;
+ break;
/* *************************************************************************
* logfile log-file-name
* In logdir by default
* *************************************************************************/
case hash_logfile :
- if (!no_daemon)
+ if (daemon_mode)
{
logfile = make_path(config->logdir, arg);
if (NULL == logfile)
@@ -1406,14 +1452,63 @@ struct configuration_spec * load_config(void)
log_error(LOG_LEVEL_FATAL, "Out of memory while creating logfile path");
}
}
- continue;
+ break;
+
+/* *************************************************************************
+ * max-client-connections number
+ * *************************************************************************/
+ case hash_max_client_connections :
+ {
+ int max_client_connections = parse_numeric_value(cmd, arg);
+
+#if !defined(_WIN32) && !defined(HAVE_POLL)
+ /*
+ * Reject values below 1 for obvious reasons and values above
+ * FD_SETSIZE/2 because Privoxy needs two sockets to serve
+ * client connections that need forwarding.
+ *
+ * We ignore the fact that the first three file descriptors
+ * are usually set to /dev/null, one is used for logging
+ * and yet another file descriptor is required to load
+ * config files.
+ */
+ if ((max_client_connections < 1) || (FD_SETSIZE/2 < max_client_connections))
+ {
+ log_error(LOG_LEVEL_FATAL, "max-client-connections value %d"
+ " is invalid. Value needs to be above 1 and below %d"
+ " (FD_SETSIZE/2).", max_client_connections, FD_SETSIZE/2);
+ }
+#else
+ /*
+ * The Windows libc uses FD_SETSIZE for an array used
+ * by select(), but has no problems with file descriptors
+ * above the limit as long as no more than FD_SETSIZE are
+ * passed to select().
+ * https://msdn.microsoft.com/en-us/library/windows/desktop/ms739169%28v=vs.85%29.aspx
+ *
+ * On platforms were we use poll() we don't have to enforce
+ * an upper connection limit either.
+ *
+ * XXX: Do OS/2 etc. belong here as well?
+ */
+ if (max_client_connections < 1)
+ {
+ log_error(LOG_LEVEL_FATAL, "max-client-connections value"
+ " has to be a number above 1. %d is invalid.",
+ max_client_connections);
+ }
+#endif
+ config->max_client_connections = max_client_connections;
+ break;
+ }
/* *************************************************************************
* permit-access source-ip[/significant-bits] [dest-ip[/significant-bits]]
* *************************************************************************/
#ifdef FEATURE_ACL
case hash_permit_access:
- vec_count = ssplit(arg, " \t", vec, SZ(vec), 1, 1);
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
if ((vec_count != 1) && (vec_count != 2))
{
@@ -1423,18 +1518,11 @@ struct configuration_spec * load_config(void)
"
\nWARNING: Wrong number of parameters for "
"permit-access directive in configuration file.
\n");
- continue;
+ break;
}
/* allocate a new node */
- cur_acl = (struct access_control_list *) zalloc(sizeof(*cur_acl));
-
- if (cur_acl == NULL)
- {
- log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration");
- /* Never get here - LOG_LEVEL_FATAL causes program exit */
- continue;
- }
+ cur_acl = zalloc_or_die(sizeof(*cur_acl));
cur_acl->action = ACL_PERMIT;
if (acl_addr(vec[0], cur_acl->src) < 0)
@@ -1449,7 +1537,7 @@ struct configuration_spec * load_config(void)
string_append(&config->proxy_args,
"\"
\n");
freez(cur_acl);
- continue;
+ break;
}
if (vec_count == 2)
{
@@ -1465,9 +1553,15 @@ struct configuration_spec * load_config(void)
string_append(&config->proxy_args,
"\"
\n");
freez(cur_acl);
- continue;
+ break;
}
}
+#ifdef HAVE_RFC2553
+ else
+ {
+ cur_acl->wildcard_dst = 1;
+ }
+#endif /* def HAVE_RFC2553 */
/*
* Add it to the list. Note we reverse the list to get the
@@ -1481,7 +1575,7 @@ struct configuration_spec * load_config(void)
cur_acl->next = config->acl;
config->acl = cur_acl;
- continue;
+ break;
#endif /* def FEATURE_ACL */
/* *************************************************************************
@@ -1489,40 +1583,53 @@ struct configuration_spec * load_config(void)
* *************************************************************************/
case hash_proxy_info_url :
freez(config->proxy_info_url);
- config->proxy_info_url = strdup(arg);
- continue;
+ config->proxy_info_url = strdup_or_die(arg);
+ break;
+
+
+/* *************************************************************************
+ * receive-buffer-size n
+ * *************************************************************************/
+ case hash_receive_buffer_size :
+ config->receive_buffer_size = (size_t)parse_numeric_value(cmd, arg);
+ if (config->receive_buffer_size < BUFFER_SIZE)
+ {
+ log_error(LOG_LEVEL_INFO,
+ "receive-buffer-size %d seems low and may cause problems."
+ "Consider setting it to at least %d.",
+ config->receive_buffer_size, BUFFER_SIZE);
+ }
+ break;
/* *************************************************************************
- * single-threaded
+ * single-threaded 0|1
* *************************************************************************/
case hash_single_threaded :
- config->multi_threaded = 0;
- continue;
+ config->multi_threaded = 0 == parse_toggle_state(cmd, arg);
+ break;
/* *************************************************************************
* socket-timeout numer_of_seconds
* *************************************************************************/
case hash_socket_timeout :
- if (*arg != '\0')
+ {
+ int socket_timeout = parse_numeric_value(cmd, arg);
+ if (0 <= socket_timeout)
{
- int socket_timeout = atoi(arg);
- if (0 < socket_timeout)
- {
- config->socket_timeout = socket_timeout;
- }
- else
- {
- log_error(LOG_LEVEL_FATAL,
- "Invalid socket-timeout: '%s'", arg);
- }
+ config->socket_timeout = socket_timeout;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL, "Invalid socket-timeout: '%s'", arg);
}
- continue;
+ break;
+ }
/* *************************************************************************
* split-large-cgi-forms
* *************************************************************************/
case hash_split_large_cgi_forms :
- if ((*arg != '\0') && (0 != atoi(arg)))
+ if (parse_toggle_state(cmd, arg) == 1)
{
config->feature_flags |= RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
}
@@ -1530,7 +1637,7 @@ struct configuration_spec * load_config(void)
{
config->feature_flags &= ~RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
}
- continue;
+ break;
/* *************************************************************************
* templdir directory-name
@@ -1538,15 +1645,39 @@ struct configuration_spec * load_config(void)
case hash_templdir :
freez(config->templdir);
config->templdir = make_path(NULL, arg);
- continue;
+ break;
+
+#ifdef FEATURE_EXTERNAL_FILTERS
+/* *************************************************************************
+ * temporary-directory directory-name
+ * *************************************************************************/
+ case hash_temporary_directory :
+ freez(config->temporary_directory);
+ config->temporary_directory = make_path(NULL, arg);
+ break;
+#endif
+
+/* *************************************************************************
+ * tolerate-pipelining (0|1)
+ * *************************************************************************/
+ case hash_tolerate_pipelining :
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_TOLERATE_PIPELINING;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING;
+ }
+ break;
/* *************************************************************************
* toggle (0|1)
* *************************************************************************/
#ifdef FEATURE_TOGGLE
case hash_toggle :
- global_toggle_state = atoi(arg);
- continue;
+ global_toggle_state = parse_toggle_state(cmd, arg);
+ break;
#endif /* def FEATURE_TOGGLE */
/* *************************************************************************
@@ -1555,9 +1686,28 @@ struct configuration_spec * load_config(void)
#ifdef FEATURE_TRUST
case hash_trust_info_url :
enlist(config->trust_info, arg);
- continue;
+ break;
#endif /* def FEATURE_TRUST */
+/* *************************************************************************
+ * trust-x-forwarded-for (0|1)
+ * *************************************************************************/
+ case hash_trust_x_forwarded_for :
+ config->trust_x_forwarded_for = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * trusted-cgi-referrer http://www.example.org/some/path.html
+ * *************************************************************************/
+ case hash_trusted_cgi_referrer :
+ /*
+ * We don't validate the specified referrer as
+ * it's only used for string comparison.
+ */
+ freez(config->trusted_cgi_referrer);
+ config->trusted_cgi_referrer = strdup_or_die(arg);
+ break;
+
/* *************************************************************************
* trustfile filename
* (In confdir by default.)
@@ -1566,16 +1716,104 @@ struct configuration_spec * load_config(void)
case hash_trustfile :
freez(config->trustfile);
config->trustfile = make_path(config->confdir, arg);
- continue;
+ break;
#endif /* def FEATURE_TRUST */
/* *************************************************************************
* usermanual url
* *************************************************************************/
case hash_usermanual :
+ /*
+ * XXX: If this isn't the first config directive, the
+ * show-status page links to the website documentation
+ * for the directives that were already parsed. Lame.
+ */
freez(config->usermanual);
- config->usermanual = strdup(arg);
- continue;
+ config->usermanual = strdup_or_die(arg);
+ break;
+
+#ifdef FEATURE_HTTPS_INSPECTION
+/* *************************************************************************
+ * ca private key file password
+ * *************************************************************************/
+ case hash_ca_password:
+ freez(config->ca_password);
+ config->ca_password = strdup(arg);
+ break;
+
+/* *************************************************************************
+ * ca-directory directory
+ * *************************************************************************/
+ case hash_ca_directory:
+ freez(ca_directory);
+ ca_directory = make_path(NULL, arg);
+
+ if (NULL == ca_directory)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca dir path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * ca cert file ca-cert-file
+ * In ca dir by default
+ * *************************************************************************/
+ case hash_ca_cert_file:
+ freez(ca_cert_file);
+ ca_cert_file = make_path(config->ca_directory, arg);
+
+ if (NULL == ca_cert_file)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca certificate file path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * ca key file ca-key-file
+ * In ca dir by default
+ * *************************************************************************/
+ case hash_ca_key_file:
+ freez(ca_key_file);
+ ca_key_file = make_path(config->ca_directory, arg);
+
+ if (NULL == ca_key_file)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca key file path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * certificate-directory directory
+ * *************************************************************************/
+ case hash_certificate_directory:
+ freez(certificate_directory);
+ certificate_directory = make_path(NULL, arg);
+
+ if (NULL == certificate_directory)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Out of memory while creating certificate directory path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * trusted CAs file name trusted-cas-file
+ * *************************************************************************/
+ case hash_trusted_cas_file:
+ freez(trusted_cas_file);
+ trusted_cas_file = make_path(config->ca_directory, arg);
+
+ if (NULL == trusted_cas_file)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating trusted CAs file path");
+ }
+
+ break;
+#endif
/* *************************************************************************
* Win32 Console options:
@@ -1587,7 +1825,7 @@ struct configuration_spec * load_config(void)
#ifdef _WIN_CONSOLE
case hash_hide_console :
hideConsole = 1;
- continue;
+ break;
#endif /*def _WIN_CONSOLE*/
@@ -1600,64 +1838,70 @@ struct configuration_spec * load_config(void)
* activity-animation (0|1)
* *************************************************************************/
case hash_activity_animation :
- g_bShowActivityAnimation = atoi(arg);
- continue;
+ g_bShowActivityAnimation = parse_toggle_state(cmd, arg);
+ break;
/* *************************************************************************
* close-button-minimizes (0|1)
* *************************************************************************/
case hash_close_button_minimizes :
- g_bCloseHidesWindow = atoi(arg);
- continue;
+ g_bCloseHidesWindow = parse_toggle_state(cmd, arg);
+ break;
/* *************************************************************************
* log-buffer-size (0|1)
* *************************************************************************/
case hash_log_buffer_size :
- g_bLimitBufferSize = atoi(arg);
- continue;
+ g_bLimitBufferSize = parse_toggle_state(cmd, arg);
+ break;
/* *************************************************************************
- * log-font-name fontnane
+ * log-font-name fontname
* *************************************************************************/
case hash_log_font_name :
- strcpy( g_szFontFaceName, arg );
- continue;
+ if (strlcpy(g_szFontFaceName, arg,
+ sizeof(g_szFontFaceName)) >= sizeof(g_szFontFaceName))
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "log-font-name argument '%s' is longer than %u characters.",
+ arg, sizeof(g_szFontFaceName)-1);
+ }
+ break;
/* *************************************************************************
* log-font-size n
* *************************************************************************/
case hash_log_font_size :
- g_nFontSize = atoi(arg);
- continue;
+ g_nFontSize = parse_numeric_value(cmd, arg);
+ break;
/* *************************************************************************
* log-highlight-messages (0|1)
* *************************************************************************/
case hash_log_highlight_messages :
- g_bHighlightMessages = atoi(arg);
- continue;
+ g_bHighlightMessages = parse_toggle_state(cmd, arg);
+ break;
/* *************************************************************************
* log-max-lines n
* *************************************************************************/
case hash_log_max_lines :
- g_nMaxBufferLines = atoi(arg);
- continue;
+ g_nMaxBufferLines = parse_numeric_value(cmd, arg);
+ break;
/* *************************************************************************
* log-messages (0|1)
* *************************************************************************/
case hash_log_messages :
- g_bLogMessages = atoi(arg);
- continue;
+ g_bLogMessages = parse_toggle_state(cmd, arg);
+ break;
/* *************************************************************************
* show-on-task-bar (0|1)
* *************************************************************************/
case hash_show_on_task_bar :
- g_bShowOnTaskBar = atoi(arg);
- continue;
+ g_bShowOnTaskBar = parse_toggle_state(cmd, arg);
+ break;
#endif /* defined(_WIN32) && ! defined(_WIN_CONSOLE) */
@@ -1702,7 +1946,7 @@ struct configuration_spec * load_config(void)
#endif /* defined(_WIN_CONSOLE) || ! defined(_WIN32) */
/* These warnings are annoying - so hide them. -- Jon */
/* log_error(LOG_LEVEL_INFO, "Unsupported directive \"%s\" ignored.", cmd); */
- continue;
+ break;
/* *************************************************************************/
default :
@@ -1712,15 +1956,20 @@ struct configuration_spec * load_config(void)
* error. To change back to an error, just change log level
* to LOG_LEVEL_FATAL.
*/
- log_error(LOG_LEVEL_ERROR, "Ignoring unrecognized directive '%s' (%luul) in line %lu "
- "in configuration file (%s).", buf, directive_hash, linenum, configfile);
+ log_error(LOG_LEVEL_ERROR, "Ignoring unrecognized directive "
+ "'%s' (%uU) in line %lu in configuration file (%s).",
+ buf, directive_hash, linenum, configfile);
string_append(&config->proxy_args,
- " Warning: ignored unrecognized directive above.
");
- continue;
+ " Warning: Ignoring unrecognized directive:");
+ break;
/* *************************************************************************/
- } /* end switch( hash_string(cmd) ) */
- } /* end while ( read_config_line(...) ) */
+ } /* end switch(hash_string(cmd)) */
+
+ /* Save the argument for the show-status page. */
+ savearg(cmd, arg, config);
+ freez(buf);
+ } /* end while (read_config_line(...)) */
fclose(configfp);
@@ -1728,7 +1977,7 @@ struct configuration_spec * load_config(void)
freez(config->logfile);
- if (!no_daemon)
+ if (daemon_mode)
{
if (NULL != logfile)
{
@@ -1741,41 +1990,79 @@ struct configuration_spec * load_config(void)
}
}
+#ifdef FEATURE_HTTPS_INSPECTION
+ /*
+ * Setting SSL parameters from loaded values into structures
+ */
+ freez(config->ca_directory);
+ config->ca_directory = make_path(NULL, ca_directory);
+ freez(ca_directory);
+
+ freez(config->ca_cert_file);
+ config->ca_cert_file = make_path(config->ca_directory, ca_cert_file);
+ freez(ca_cert_file);
+
+ freez(config->ca_key_file);
+ config->ca_key_file = make_path(config->ca_directory, ca_key_file);
+ freez(ca_key_file);
+
+ freez(config->trusted_cas_file);
+ config->trusted_cas_file = make_path(config->ca_directory, trusted_cas_file);
+ freez(trusted_cas_file);
+
+ freez(config->certificate_directory);
+ config->certificate_directory = make_path(NULL, certificate_directory);
+ freez(certificate_directory);
+#endif
#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ if (config->default_server_timeout > config->keep_alive_timeout)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Reducing the default-server-timeout from %d to the keep-alive-timeout %d.",
+ config->default_server_timeout, config->keep_alive_timeout);
+ config->default_server_timeout = config->keep_alive_timeout;
+ }
+#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
+
+#ifdef FEATURE_CONNECTION_SHARING
if (config->feature_flags & RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE)
{
- if (config->multi_threaded)
- {
- set_keep_alive_timeout(keep_alive_timeout);
- }
- else
+ if (!config->multi_threaded)
{
/*
* While we could use keep-alive without multiple threads
* if we didn't bother with enforcing the connection timeout,
* that might make Tor users sad, even though they shouldn't
* enable the single-threaded option anyway.
+ *
+ * XXX: We could still use Proxy-Connection: keep-alive.
*/
config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
log_error(LOG_LEVEL_ERROR,
"Config option single-threaded disables connection keep-alive.");
}
}
-#endif
+ else if ((config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING))
+ {
+ log_error(LOG_LEVEL_ERROR, "Config option connection-sharing "
+ "has no effect if keep-alive-timeout isn't set.");
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
+ }
+#endif /* def FEATURE_CONNECTION_SHARING */
if (NULL == config->proxy_args)
{
log_error(LOG_LEVEL_FATAL, "Out of memory loading config - insufficient memory for config->proxy_args");
}
- if (config->actions_file[0])
+ if (config->re_filterfile[0])
{
- add_loader(load_action_files, config);
+ add_loader(load_re_filterfiles, config);
}
- if (config->re_filterfile[0])
+ if (config->actions_file[0])
{
- add_loader(load_re_filterfiles, config);
+ add_loader(load_action_files, config);
}
#ifdef FEATURE_TRUST
@@ -1785,35 +2072,41 @@ struct configuration_spec * load_config(void)
}
#endif /* def FEATURE_TRUST */
- if ( NULL == config->haddr )
+ if (NULL == config->haddr[0])
{
- config->haddr = strdup( HADDR_DEFAULT );
+ config->haddr[0] = strdup_or_die(HADDR_DEFAULT);
}
- if ( NULL != config->haddr )
+ for (i = 0; i < MAX_LISTENING_SOCKETS && NULL != config->haddr[i]; i++)
{
- if (NULL != (p = strchr(config->haddr, ':')))
+ if ((*config->haddr[i] == '[')
+ && (NULL != (p = strchr(config->haddr[i], ']')))
+ && (p[1] == ':')
+ && (0 < (config->hport[i] = atoi(p + 2))))
{
- *p++ = '\0';
- if (*p)
- {
- config->hport = atoi(p);
- }
+ *p = '\0';
+ memmove((void *)config->haddr[i], config->haddr[i] + 1,
+ (size_t)(p - config->haddr[i]));
}
-
- if (config->hport <= 0)
+ else if (NULL != (p = strchr(config->haddr[i], ':'))
+ && (0 < (config->hport[i] = atoi(p + 1))))
+ {
+ *p = '\0';
+ }
+ else
{
- *--p = ':';
- log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", config->haddr);
+ log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", config->haddr[i]);
/* Never get here - LOG_LEVEL_FATAL causes program exit */
}
- if (*config->haddr == '\0')
+ if (*config->haddr[i] == '\0')
{
/*
- * Only the port specified. We stored it in config->hport
+ * Only the port specified. We stored it in config->hport[i]
* and don't need its text representation anymore.
+ * Use config->hport[i] == 0 to iterate listening addresses since
+ * now.
*/
- freez(config->haddr);
+ freez(config->haddr[i]);
}
}
@@ -1822,7 +2115,7 @@ struct configuration_spec * load_config(void)
*
* Need to set up a fake csp, so they can get to the config.
*/
- fake_csp = (struct client_state *) zalloc (sizeof(*fake_csp));
+ fake_csp = zalloc_or_die(sizeof(*fake_csp));
fake_csp->config = config;
if (run_loader(fake_csp))
@@ -1836,9 +2129,10 @@ struct configuration_spec * load_config(void)
/* FIXME: this is a kludge for win32 */
#if defined(_WIN32) && !defined (_WIN_CONSOLE)
- g_default_actions_file = config->actions_file[0]; /* FIXME Hope this is default.action */
- g_user_actions_file = config->actions_file[1]; /* FIXME Hope this is user.action */
- g_re_filterfile = config->re_filterfile[0]; /* FIXME Hope this is default.filter */
+ g_default_actions_file = config->actions_file[1]; /* FIXME Hope this is default.action */
+ g_user_actions_file = config->actions_file[2]; /* FIXME Hope this is user.action */
+ g_default_filterfile = config->re_filterfile[0]; /* FIXME Hope this is default.filter */
+ g_user_filterfile = config->re_filterfile[1]; /* FIXME Hope this is user.filter */
#ifdef FEATURE_TRUST
g_trustfile = config->trustfile;
@@ -1849,37 +2143,40 @@ struct configuration_spec * load_config(void)
/* FIXME: end kludge */
- config->need_bind = 1;
-
- if (current_configfile)
+ if (current_configfile == NULL)
+ {
+ config->need_bind = 1;
+ }
+ else
{
struct configuration_spec * oldcfg = (struct configuration_spec *)
current_configfile->f;
/*
- * Check if config->haddr,hport == oldcfg->haddr,hport
- *
- * The following could be written more compactly as a single,
- * (unreadably long) if statement.
+ * Check if config->haddr[i],hport[i] == oldcfg->haddr[i],hport[i]
*/
config->need_bind = 0;
- if (config->hport != oldcfg->hport)
- {
- config->need_bind = 1;
- }
- else if (config->haddr == NULL)
+
+ for (i = 0; i < MAX_LISTENING_SOCKETS; i++)
{
- if (oldcfg->haddr != NULL)
+ if (config->hport[i] != oldcfg->hport[i])
+ {
+ config->need_bind = 1;
+ }
+ else if (config->haddr[i] == NULL)
+ {
+ if (oldcfg->haddr[i] != NULL)
+ {
+ config->need_bind = 1;
+ }
+ }
+ else if (oldcfg->haddr[i] == NULL)
+ {
+ config->need_bind = 1;
+ }
+ else if (0 != strcmp(config->haddr[i], oldcfg->haddr[i]))
{
config->need_bind = 1;
}
- }
- else if (oldcfg->haddr == NULL)
- {
- config->need_bind = 1;
- }
- else if (0 != strcmp(config->haddr, oldcfg->haddr))
- {
- config->need_bind = 1;
}
current_configfile->unloader = unload_configfile;
@@ -1901,7 +2198,7 @@ struct configuration_spec * load_config(void)
* Description : Called from `load_config'. It saves each non-empty
* and non-comment line from config into
* config->proxy_args. This is used to create the
- * show-proxy-args page. On error, frees
+ * show-status page. On error, frees
* config->proxy_args and sets it to NULL
*
* Parameters :
@@ -1924,7 +2221,7 @@ static void savearg(char *command, char *argument, struct configuration_spec * c
* Add config option name embedded in
* link to its section in the user-manual
*/
- buf = strdup("\nusermanual, "file://", 7) ||
!strncmpic(config->usermanual, "http", 4))
{
@@ -1946,7 +2243,7 @@ static void savearg(char *command, char *argument, struct configuration_spec * c
return;
}
- if ( (NULL != argument) && ('\0' != *argument) )
+ if ((NULL != argument) && ('\0' != *argument))
{
s = html_encode(argument);
if (NULL == s)